Collaborative Research: SaTC: CORE: Small: Investigation of Naming Space Hijacking Threat and Its Defense

Information

  • NSF Award
  • 2317830
Owner
  • Award Id
    2317830
  • Award Effective Date
    10/1/2023 - a year ago
  • Award Expiration Date
    9/30/2026 - a year from now
  • Award Amount
    $ 198,009.00
  • Award Instrument
    Continuing Grant

Collaborative Research: SaTC: CORE: Small: Investigation of Naming Space Hijacking Threat and Its Defense

This project delves into the emerging security risks associated with naming space hijacking attacks targeting Internet applications. In this type of attack, an adversary exploits similarities and confusion in names of domains and resources in cyber space (e.g., Amazon.com vs. Amazom.com) to target users and even software developers, leading to financial loss, intellectual property theft, reputation damage, and disruption of normal operations for unsuspecting users. The project’s novelty is the assessment of the security risks of these types of attacks systematically and quantitatively across vital platforms and applications, including software supply chain ecosystems, the Metaverse, and decentralized financial applications (Web3). This investigation also enables the development of effective defense mechanisms and provides a strong safety guarantee to Internet users. The project's broader significance and importance lie in securing current and future Internet applications, thereby enhancing the availability and reliability of Internet services. Additionally, educational efforts are devoted to the curriculum design of new cybersecurity courses with a focus on Web3 applications. Outreach activities are also conducted to promote the involvement of underrepresented minorities in computing and to enhance cybersecurity awareness and knowledge in the states of Virginia and Delaware (an EPSCoR state).<br/><br/>This project develops multiple frameworks to continuously monitor and capture any suspicious activities and pinpoint potential naming space hijacking issues. The first task focuses on the identification and disclosure of vulnerabilities within software supply chain ecosystems that can be exploited by adversaries to hijack existing packages or distribute malicious code. The second task centers on exploring potential threats within user-specific worlds in emerging Metaverse platforms. The third task involves leveraging machine learning techniques to detect and mitigate fraudulent online activities within decentralized blockchain applications. Ultimately, the project aims to design and develop lightweight and robust defense systems that can effectively mitigate the potential security threats posed by naming space hijacking threats. The overall security risks are evaluated through long-term observation and large-scale measurement studies on real-world applications. The defense strategies are integrated in existing systems and protocols, and thoroughly evaluated on real-world scenarios to demonstrate their effectiveness.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

  • Program Officer
    Karen Karavanickkaravan@nsf.gov7032922594
  • Min Amd Letter Date
    7/26/2023 - a year ago
  • Max Amd Letter Date
    8/31/2023 - a year ago
  • ARRA Amount

Institutions

  • Name
    University of Delaware
  • City
    NEWARK
  • State
    DE
  • Country
    United States
  • Address
    220 HULLIHEN HALL
  • Postal Code
    197160099
  • Phone Number
    3028312136

Investigators

  • First Name
    Xing
  • Last Name
    Gao
  • Email Address
    xgao@udel.edu
  • Start Date
    7/26/2023 12:00:00 AM

Program Element

  • Text
    Secure &Trustworthy Cyberspace
  • Code
    8060

Program Reference

  • Text
    SaTC: Secure and Trustworthy Cyberspace
  • Text
    SMALL PROJECT
  • Code
    7923
  • Text
    EXP PROG TO STIM COMP RES
  • Code
    9150